<!DOCTYPE html>
<?php session_start(); ?>
<html>
<head>
	<title>Login</title>
	<meta charset="UTF-8" />
</head>

<body>
<?php
	$matchname = $_POST["username"];
	$password = $_POST["password"];
	$DB = mysql_connect("localhost","root","12345");
	mysql_query("set names utf8");
	mysql_select_db("mynotes",$DB);
	$DBT = mysql_query("select pwd from user where user_name = '$matchname'");
	if(mysql_num_rows($DBT) == 0)
	{
?>

<h1>用户不存在，即将跳转</h1>

<?php
		header("Refresh:3;url='index.php'");
	}
	else
	{
		$DBTrow = mysql_fetch_row($DBT);
		if(md5($password) != $DBTrow[0])
		{
?>

<h1>密码不正确，即将跳转</h1>

<?php
			header("Refresh:3;url='index.php'");
		}
		else 
		{
			$DBT = mysql_query("select user_type from user where user_name = '$matchname'");
			$DBTrow = mysql_fetch_row($DBT);
			if($DBTrow[0] == "Admin")
			{
				$_SESSION["session_admin"] = true;
			}
			$_SESSION["session_username"] = $matchname;	
			header("Location: index.php");
		}
	}			
?>
</body>
</html>